2017年10月最新安全資訊

Wi-Fi Alliance®為幾十億Wi-Fi®設備提供值得信賴的安全保護,一如既往地為Wi-Fi用戶提供支援

與使用任何技術一樣,可靠的、在新的安全威脅面前保持主動所必需的安全研究有時會發現新的漏洞。安全研究人員已發現有些Wi-Fi設備中存在安全性漏洞,並立即將此發現通報了Wi-Fi業界。目前沒有證據表明該漏洞已被惡意利用來攻擊Wi-Fi用戶,Wi-Fi Alliance立即採取了措施,以確保用戶能夠繼續依靠Wi-Fi提供強大的安全保護。

  • Wi-Fi Alliance正在要求我們在全球各地的認證實驗室針對這個漏洞進行測試;
  • Wi-Fi Alliance已經提供了一款漏洞檢測工具,供Wi-Fi Alliance會員公司使用;
  • Wi-Fi Alliance正在廣泛地向設備廠商傳達有關這一漏洞的詳細資訊和補救方案,並希望設備廠商與其解決方案提供商合作,以迅速集成任何必要的修補軟體。

這個問題可以方便地通過軟體更新解決,過程與Wi-Fi使用者定期對其移動設備進行的軟體更新相似,主要平臺提供商也已經開始部署這些修補軟體。軟體更新不需要任何更改,不會影響Wi-Fi設備之間的互通性。使用者如需瞭解更多資訊,可以訪問設備廠商的官網。

與以往一樣,Wi-Fi使用者應該確保安裝了設備製造商提供和推薦的、最新的更新軟體。安全保護是一項隨時需要解決新問題的工作,Wi-Fi Alliance將一如既往地繼續為Wi-Fi用戶提供強大的安全保護。

相關識別字:

  • CERT case ID: VU#228519
  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

相關研究:

Wi-Fi Alliance會員公司可以點擊這裡下載漏洞檢測工具。

Frequently Asked Questions

What is the potential impact of this vulnerability on consumers?

There is no evidence that the vulnerability has been exploited maliciously, and consumers should expect an orderly update cycle for affected devices. We recommend all users install the latest recommended updates from end-device and network equipment manufacturers. It is important to note, that many consumer routers are not affected by this vulnerability, so consumers may not see an update available for their particular router. For those devices that have been affected, many vendors have already issued patches or will issue them shortly. Wi-Fi Alliance recommends checking the vendor’s website for information on specific vendor updates. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

Is the identified vulnerability a WPA2™ protocol issue or on issue related to specific device implementations?

When considering the question of whether a vulnerability is a protocol or implementation issue, the purpose is often to determine the vulnerability’s broader implications, such as the pervasiveness of the vulnerability, the ease of addressing the vulnerability, and the ability to maintain interoperability between patched and unpatched devices. In this instance, the issue can be resolved through straightforward software updates that retain interoperability across Wi-Fi devices. Major device and platform providers, including major operating systems, have already started deploying updates, protecting a substantial number of affected devices. The Wi-Fi industry is evaluating whether additional clarity or guidance on implementing the protocol is necessary in the standard.

How will vulnerabilities in existing devices be fixed?

The issue can be resolved with a straightforward software update – much like users regularly perform on their Wi-Fi devices already. Major platform vendors have already started distributing updates to their users, and updates will continue in the coming weeks. Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.

Will the fixes to address this vulnerability create interoperability issues between Wi-Fi devices?

The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

Will the vulnerability detection tool be made available for non-Wi-Fi Alliance member companies?

Wi-Fi Alliance is making its vulnerability detection tool available exclusively to Wi-Fi Alliance members in the interest of protecting Wi-Fi users. Similar to the concept of responsible disclosure, it is important to give vendors an opportunity to distribute patches before tools for detecting the vulnerability become readily available. Wi-Fi Alliance may consider making the tool available to non-members after a reasonable period of time.

How will I know if my device is affected?

Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

What will Wi-Fi Alliance do to prevent these types of issues moving forward?

Events like this are rare, but security is never static. Maintaining strong security protections will always be an ongoing effort. Wi-Fi Alliance encourages responsible disclosure of any discovered security vulnerabilities, as was the case with this particular scenario, to ensure the best possible outcome.